Subscribe
Accepted Solution

CIFS and Folder Traversal

Hi All,

 

We are running NetApp Release 8.1.4P7 7-Mode.

I am attempting to set up a share where the root folder will have the following permissions:

Domain Users - Read & execute, List folder contents, Read - This folder only

Domain Admins - Full Control

 

The idea being that users would only be able to see the subfolders that they have permissions to.

I have set this up on a regular server and it works fine.

When I try to do this on a CIFS volume, I can see every subfolder regardless of permissions.

I've tried setting up the above on a subfolder with inheritance explicitly disabled and still no joy.

 

My theory is that there is some sort of background permissions on the volume that could be overriding the NTFS permissions.

I've seen a couple of websites making reference to it but it appears to be aimed for clustered environments.

Any ideas how and where I could check this?

Re: CIFS and Folder Traversal

You probably want to enable access based enumeration for this share;

Enable ABE
cifs shares -change sharename -accessbasedenum

Re: CIFS and Folder Traversal

That got it, thanks.

Re: CIFS and Folder Traversal

I remember also setting in addition to the per cifs share...

 

options cifs.enable_share_browsing off    

Re: CIFS and Folder Traversal

I believe this is global setting and once it is set to "off" it will overide setting for cifs share -nobrowse option